Analysis
-
max time kernel
150s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
29/06/2024, 18:40
General
-
Target
1026e6ec2979d410eb6f08d46bd1123ea36b303e29ec14a3de57eb771315bef7.exe
-
Size
129KB
-
MD5
2715b614e2e7b006e0e77781e1929cc4
-
SHA1
b7b40ea88f83b7ffbf2215944587358fcb946610
-
SHA256
1026e6ec2979d410eb6f08d46bd1123ea36b303e29ec14a3de57eb771315bef7
-
SHA512
9d7d572b7fe3b4af68e64a202fbd6268a9fdd6adc2d6788f56ccdd44a81871100b8334102e7d68d872a9325f109ff3b3f4c6187b2def68330dbae4e7ed0fb59f
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHvmQ+EZMYX/x6gto:n3C9BRW0j/uVEZFJvu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
UPX dump on OEP (original entry point) 33 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1026e6ec2979d410eb6f08d46bd1123ea36b303e29ec14a3de57eb771315bef7.exe"C:\Users\Admin\AppData\Local\Temp\1026e6ec2979d410eb6f08d46bd1123ea36b303e29ec14a3de57eb771315bef7.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llxlfr.exec:\3llxlfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthtn.exec:\bbthtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthtn.exec:\btthtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddpj.exec:\vddpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppj.exec:\dpppj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllrrr.exec:\rlllrrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhbt.exec:\bbnhbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppd.exec:\jjppd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrrlf.exec:\llfrrlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhbnb.exec:\7hhbnb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnbt.exec:\bntnbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdd.exec:\jdjdd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxxrf.exec:\lllxxrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthnn.exec:\ttthnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvj.exec:\vdjvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrffxr.exec:\xrrffxr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhttb.exec:\hnhttb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppv.exec:\dvppv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdj.exec:\dpjdj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlfxr.exec:\flrlfxr.exe23⤵
- Executes dropped EXE
-
\??\c:\ttnnnh.exec:\ttnnnh.exe24⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe25⤵
- Executes dropped EXE
-
\??\c:\xxxrfrl.exec:\xxxrfrl.exe26⤵
- Executes dropped EXE
-
\??\c:\xxxrxfr.exec:\xxxrxfr.exe27⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe28⤵
- Executes dropped EXE
-
\??\c:\llxfllf.exec:\llxfllf.exe29⤵
- Executes dropped EXE
-
\??\c:\5rrxxxf.exec:\5rrxxxf.exe30⤵
- Executes dropped EXE
-
\??\c:\tnhtnn.exec:\tnhtnn.exe31⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe32⤵
- Executes dropped EXE
-
\??\c:\5lllxfr.exec:\5lllxfr.exe33⤵
- Executes dropped EXE
-
\??\c:\llllfxr.exec:\llllfxr.exe34⤵
- Executes dropped EXE
-
\??\c:\tbtttb.exec:\tbtttb.exe35⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe36⤵
- Executes dropped EXE
-
\??\c:\xrfxrlf.exec:\xrfxrlf.exe37⤵
- Executes dropped EXE
-
\??\c:\fllfxrl.exec:\fllfxrl.exe38⤵
- Executes dropped EXE
-
\??\c:\nntnbt.exec:\nntnbt.exe39⤵
- Executes dropped EXE
-
\??\c:\hnbbtb.exec:\hnbbtb.exe40⤵
- Executes dropped EXE
-
\??\c:\jjjdp.exec:\jjjdp.exe41⤵
- Executes dropped EXE
-
\??\c:\jpdjp.exec:\jpdjp.exe42⤵
- Executes dropped EXE
-
\??\c:\3xrrxfr.exec:\3xrrxfr.exe43⤵
- Executes dropped EXE
-
\??\c:\nnnhtn.exec:\nnnhtn.exe44⤵
- Executes dropped EXE
-
\??\c:\hbtthb.exec:\hbtthb.exe45⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe46⤵
- Executes dropped EXE
-
\??\c:\9jjvv.exec:\9jjvv.exe47⤵
- Executes dropped EXE
-
\??\c:\frrlxrl.exec:\frrlxrl.exe48⤵
- Executes dropped EXE
-
\??\c:\ntnbth.exec:\ntnbth.exe49⤵
- Executes dropped EXE
-
\??\c:\tbhntn.exec:\tbhntn.exe50⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe51⤵
- Executes dropped EXE
-
\??\c:\nhtnbt.exec:\nhtnbt.exe52⤵
- Executes dropped EXE
-
\??\c:\bntbnt.exec:\bntbnt.exe53⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe54⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe55⤵
- Executes dropped EXE
-
\??\c:\lfxlfxr.exec:\lfxlfxr.exe56⤵
- Executes dropped EXE
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe57⤵
- Executes dropped EXE
-
\??\c:\bnttnt.exec:\bnttnt.exe58⤵
- Executes dropped EXE
-
\??\c:\tntbth.exec:\tntbth.exe59⤵
- Executes dropped EXE
-
\??\c:\7jvjd.exec:\7jvjd.exe60⤵
- Executes dropped EXE
-
\??\c:\5dvpp.exec:\5dvpp.exe61⤵
- Executes dropped EXE
-
\??\c:\5frlxxr.exec:\5frlxxr.exe62⤵
- Executes dropped EXE
-
\??\c:\thtnnn.exec:\thtnnn.exe63⤵
- Executes dropped EXE
-
\??\c:\nnbbbb.exec:\nnbbbb.exe64⤵
- Executes dropped EXE
-
\??\c:\dvpdv.exec:\dvpdv.exe65⤵
- Executes dropped EXE
-
\??\c:\ppjdj.exec:\ppjdj.exe66⤵
- Executes dropped EXE
-
\??\c:\3rfxllx.exec:\3rfxllx.exe67⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe68⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe69⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe70⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe71⤵
-
\??\c:\rxxrlfx.exec:\rxxrlfx.exe72⤵
-
\??\c:\bbhbbb.exec:\bbhbbb.exe73⤵
-
\??\c:\7hnnbt.exec:\7hnnbt.exe74⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe75⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe76⤵
-
\??\c:\xflxfxf.exec:\xflxfxf.exe77⤵
-
\??\c:\hhhbtn.exec:\hhhbtn.exe78⤵
-
\??\c:\3ttnnh.exec:\3ttnnh.exe79⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe80⤵
-
\??\c:\pppjv.exec:\pppjv.exe81⤵
-
\??\c:\xllxlfx.exec:\xllxlfx.exe82⤵
-
\??\c:\tbthhb.exec:\tbthhb.exe83⤵
-
\??\c:\bbnthh.exec:\bbnthh.exe84⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe85⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe86⤵
-
\??\c:\rlxxfxf.exec:\rlxxfxf.exe87⤵
-
\??\c:\nnbntb.exec:\nnbntb.exe88⤵
-
\??\c:\ttttnb.exec:\ttttnb.exe89⤵
-
\??\c:\pdddv.exec:\pdddv.exe90⤵
-
\??\c:\xrrfxfx.exec:\xrrfxfx.exe91⤵
-
\??\c:\lffxrxr.exec:\lffxrxr.exe92⤵
-
\??\c:\hbhnht.exec:\hbhnht.exe93⤵
-
\??\c:\tttthh.exec:\tttthh.exe94⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe95⤵
-
\??\c:\rlxxffl.exec:\rlxxffl.exe96⤵
-
\??\c:\fxxxfff.exec:\fxxxfff.exe97⤵
-
\??\c:\7nnhhh.exec:\7nnhhh.exe98⤵
-
\??\c:\1ttnhb.exec:\1ttnhb.exe99⤵
-
\??\c:\1vvpv.exec:\1vvpv.exe100⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe101⤵
-
\??\c:\lfllfff.exec:\lfllfff.exe102⤵
-
\??\c:\hnhnnn.exec:\hnhnnn.exe103⤵
-
\??\c:\tntthn.exec:\tntthn.exe104⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe105⤵
-
\??\c:\xxxffrr.exec:\xxxffrr.exe106⤵
-
\??\c:\1flfxxf.exec:\1flfxxf.exe107⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe108⤵
-
\??\c:\bbtbnb.exec:\bbtbnb.exe109⤵
-
\??\c:\bhhthh.exec:\bhhthh.exe110⤵
-
\??\c:\dvddj.exec:\dvddj.exe111⤵
-
\??\c:\dpvjp.exec:\dpvjp.exe112⤵
-
\??\c:\lllllll.exec:\lllllll.exe113⤵
-
\??\c:\flrxrrl.exec:\flrxrrl.exe114⤵
-
\??\c:\nttttt.exec:\nttttt.exe115⤵
-
\??\c:\hhtbbn.exec:\hhtbbn.exe116⤵
-
\??\c:\pvddv.exec:\pvddv.exe117⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe118⤵
-
\??\c:\fxfxfrr.exec:\fxfxfrr.exe119⤵
-
\??\c:\3xrrrrr.exec:\3xrrrrr.exe120⤵
-
\??\c:\tttthh.exec:\tttthh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-